[Top] [All Lists]

Re: Next Draft of Proposed Charter

2002-05-28 05:57:00


This is a point to be raised in the security considerations section of the document. It is quite reasonable to document both methods of using RSA, then warn people that a different key pair should be used with each one.


At 01:03 AM 5/25/2002 +0200, Bodo Moeller wrote:

Housley, Russ <rhousley(_at_)rsasecurity(_dot_)com>:

>>> Here is the next draft of the proposed working group charter.  The
>>> biggest change from the previous posting is that both OAEP and KEM become
>>> standards track documents.

>> Are the differences between the attacks and mitigations presented by OAEP
>> and KEM really worth the high liklihood of lack of interoperability?

> RSA using PKCS#1_v1.5, OAEP, and KEM all employ the same certificate, so
> this choice does not require any adjustments in the PKI.

This makes it is pretty pointless to use "provably secure"
cryptography, though -- all security guarantees that OAEP, say, may
promise are voided if you use the same key for decrypting messages
using some other style of RSA.

<Prev in Thread] Current Thread [Next in Thread>